Category: Networking

  • A WireGuard-based VPN with user authentication

    This post doesn’t describe specific implementation details, because the Intellectual Property for the system described here belongs to my employer. Instead it describes the basic idea behind the WireGuard-based VPN I built. Names and IP addresses referred to here are not the ones used in my implementation. WireGuard is a good encrypted tunnelling protocol,…

  • A better way to use dnsmasq on Linux Mint

    This is part 5 of my series of posts about making Linux Mint my daily driver. Last time we looked at Gaming on Linux Mint, this time we look at a slightly better way of using dnsmasq instead of systemd-resolved for DNS. Update on 2024-08-23: So there was another systemd update and it stomped all…

  • Using dnsmasq on Ubuntu or Mint

    For most usual uses, the DNS setup in Ubuntu or Mint works just fine and no special configuration is needed. Some of us use Ubuntu or Mint to do work stuff, where you may need to access some internal resources by name instead of trying to remember a whole bunch of IP addresses, this article…

  • Thoughts about SFTP key security

    OK, so guys, let’s have a serious talk… TL;DR – Just read the thing, it could keep you out of trouble, and in some jurisdictions out of jail. The Internet is a scary place, especially when you work with potentially sensitive information. There are bad guys out there who would love to steal your sensitive…

  • Fun(?) with IP ranges

    So, I had this interesting idea with Cloudflare WARP+ with Zero Trust… I usually use WARP to secure my Internet when I’m off my trusted networks, but sometimes I also want to use WARP to connect to internal resources. In general, tunneling IP in WARP works in one of two ways, Exclude and Include, the…

  • Securing a super secret service with Zero Trust

    Picture it, Sicily, 1937… OK, maybe not that. Picture it, you have a custom network service that you want to get at via Cloudflare WARP logged in to Cloudflare Zero Trust, but it isn’t the kind of thing that easily fits into the Public Hostname way of doing stuff (for example, it may run on…